/rhetsec_

/other_writing

/visaudio

/eva

phishing email corpus

This corpus includes each email I've used for my analyses, recreated as close as possible to the original form. If you'd like to view a specific email, select it from the list. I've removed all links towards malicious sites or programs, so you can feel confident in browsing these materials.

sender subject category source
Amazon <aw-confirm@ebay.com> Customer Support Notification Bulk Enron Corpus
Amazon <support@amazon.com> Amazon Inquiry Bulk Enron Corpus
Amazon Service <service101@amazon.com> Please Update Your Profile - Personal Information Error Bulk Enron Corpus
Amazon <service@amazon.com> ***Urgent Fraud Prevention Group Notice*** Bulk Enron Corpus
Amazon Customer Service <payment-update@amazon.com> Important Notice: Your Amazon.com Order (#002-5081318-3276061). Bulk Enron Corpus
Chase Bank Inc. <security@chase.com> Security Update Notification Bulk Enron Corpus
Chase <service@chaseonline.com> Please restore your account. Bulk Enron Corpus
Chase <account@chase.com> Account Authentication Required Bulk Enron Corpus
Trashcan G. Straitjacket <aw-confirm@chase.com> Chase Security Measures Bulk/Possible Clone Enron Corpus
Chase <service@chase.server1.com> Alert: Account Locked! Bulk Enron Corpus
moreinfo@ebay.com <moreinfo@ebay.com> Question about item - Respond now ! Clone Enron Corpus
ebay <service@chase.com> Question from member Bulk/Clone Enron Corpus
eBay France <aw-service@maiI.ebay.fr.asilefx.com> Question for item #250026510836 - Respond Now Clone Enron Corpus
eBay <account2@masonproper.com> Account Authentication Required Bulk Enron Corpus
eBay <vote@eBay.com> Your opinion counts Bulk Enron Corpus
service@paypal.com <service@paypal.com> Unauthorized access to your PayPal account ! Bulk Enron Corpus
PayPal <accounts@paypal.com> Confirm Your Account Bulk Enron Corpus
PayPal Security<security@paypal.com> Information Regarding Your account Bulk Enron Corpus
message <support@securesite.com> Your payment has been sent to sales@configure.us.dell.com Bulk Enron Corpus
service@paypal.com <service@paypal.com> Your PayPal Billing Information records are out of date. Please update them immediately to restore your account. Bulk Enron Corpus
{Pullman & Assoc. | Wiseman & Assoc.| Steinburg & Assoc. | Swartz & Assoc. | Quartermain & Assoc.} <legal@wpslaw.com> none provided - see link Malware Krebs on Security
Antonio Capilla <test@kr.ir> FOR MUTUAL BENEFIT PSE Personal e-mail
Givanildo S. <givanildo@csemil.com.br> | Reply-To: Maria Elisa <patriciachandler0@gmail.com> Grant Donation of €1,700,000 Bulk Personal e-mail
Maria <ufpomodhupur@dgfp.gov.bd> Grant Donation of €1,700,000 PSE Personal e-mail
Maria Elisabeth <elisabethmaria600@gmail.com> Re: Grants Donations. PSE Personal e-mail
Reverend Joseph Cameron King <Landlord1453@outlook.com> Re: $730 / 3br - 1200ft2 on Craigslist PSE Personal e-mail
Elizabeth Lyonsfield <naoko@koinonia.or.jp> BEEN TRYING TO REACH YOU PSE Personal e-mail
D T Leong <dteoh@dbsgroup.org> [PROJECT] PSE Personal e-mail
nfrancisou@mail2sal.com <nfrancisou@mail2sal.com> Frauders known your old passwords. Access data must be changed. Spearphishing Personal e-mail
FreeIphone79105 <DeviantArt User> Hello, linuxfingers! Spearphishing DeviantArt Message
gok_wed@aol.com <gok_wed@aol.com> House for rent: 12th Ave N, Saint Cloud, MN PSE Personal e-mail
INDIANA.EDU SUPPORT TEAM <supportteam01@indiana.edu> | Reply-To: INDIANA.EDU SUPPORT TEAM <spupportteam@info.lt> CONFIRM YOUR ACCOUNT Bulk Indiana.edu Knowledge Base
Apple <REDJANG-DANCE959@APPLE.com> Re: ( Payment Confirmed ) Your Invoice From Apple on May 6, 2018 9:48 am # AFW4ETGQOIF34GDR | [DRONE SELLER] Spearphishin/Clone NetSecOps
Forensic <info@isgec.com> “Fwd: Airlines plane crash Boeing 737 Max 8 Bulk/Malware Security Affairs
Anonymous Hacker - Kimbery <kimbery899@b.anonymous-observer.ml> This is my last warning <subject's email address!> Spearphishing Malware Traffic Analysis (Pastebin)
Melinda O'Toole <rohitha@amadili.info> Re: Re: Meeting on Wednesday Malspam Malware Traffic Analysis (Pastebin)
Steve Wolfram < > RE: Steve Wolfram Payment Remittance Advice Malspam Malware Traffic Analysis (Pastebin)
Accounting <contabilidadcc@ruhega.com> March Statement Malspam Malware Traffic Analysis (Pastebin)
HelloFax <hellofax@santuariohotel.comgt; HelloFax, Someone Sent You a Fax Malspam/Clone Malware Traffic Analysis (Pastebin)
DocuSign Signature <docusign@milaromanoff.com> You got an invoice from DocuSign Electronic Service Malspam/Clone Malware Traffic Analysis
hidrohan otomotiv <bilgi@hidrohan.com> New Purchase & Catalogue Requisition Malspam Malware Traffic Analysis
"Mr. Hong Woo" <hongwoo@gmail.com> INV 3326GHF- from Outriger General Importers Korea for acknowledgment Malspam Malware Traffic Analysis
"khusheim" <proc400@khusheim.com> RFQ#5500177966 Malspam Malware Traffic Analysis
"Evergreen Group Pte Ltd" <intrebizagency@gmail.com> Evergreen Group Pte Ltd - Request for Quotation Malspam Malware Traffic Analysis
[redacted] Urgent Request for Quotation #RFQE67Y54 Malspam Fortinet
"harish" <[redacted]> FW: [redacted] new order C 21-19 Malspam Trend Micro
Google <no-reply@accounts.googlemail.com> Someone has your password Clone/Spearphishing Wikileaks
Blizzard Entertainment <a battle.net email account > has gifted you: World of Warcraft In-Game Pet: Brightpaw! Bulk Malware Bytes Blog
HR@berkeley.edu <HR@berkeley.edu> Message from human resources Spearphishing Berkeley Security
Sass, Bradley <sass@tamhsc.edu> Your Dropbox File Clonephish Berkeley Security
App.Support <no_reply@appsupport.com> Your access has been disabled Bulk Berkeley Security

amazon_1

source: Enron Spam Cache

amazon_2

source: Enron Spam Cache

amazon_3

source: Enron Spam Cache

amazon_4

source: Enron Spam Cache

amazon_5

source: Enron Spam Cache

chase_1

source: Enron Spam Cache

chase_2

source: Enron Spam Cache

chase_3

source: Enron Spam Cache

chase_4

source: Enron Spam Cache

chase_5

source: Enron Spam Cache

eBay_1

source: Enron Spam Cache

eBay_2

source: Enron Spam Cache

eBay_3

source: Enron Spam Cache

eBay_4

source: Enron Spam Cache

eBay_5

source: Enron Spam Cache

paypal_1

source: Enron Spam Cache

paypal_2

source: Enron Spam Cache

paypal_3

source: Enron Spam Cache

paypal_4

source: Enron Spam Cache

paypal_5

source: Enron Spam Cache

krebs_1

source: https://krebsonsecurity.com/2019/05/legal-threats-make-powerful-phishing-lures/

personal_1

source: personal email (forwarded to me)

personal_2

source: personal email

personal_3

source: personal email

personal_4

source: personal email

personal_5

source: personal email

personal_6

source: personal email

personal_7

source: personal email

personal_8

source: personal email

personal_9

source: private message on DeviantArt account

personal_10

source: private e-mail

indy

source: https://kb.iu.edu/d/arsf#example

netsecops

source: http://netsecops.info/bought-a-drone-from-apple-really/

boeing 737 max

source: https://securityaffairs.co/wordpress/82500/cyber-crime/spam-boeing-737-max.html

additional source: https://mp.weixin.qq.com/s/CpASyR0lYBKFtjRAFumM1g

sextortion_1

source: https://pastebin.com/raw/LQWeA6j1


emotet_malspam1

source: https://pastebin.com/raw/7GbVYu9q


hancitor_2

source: https://www.malware-traffic-analysis.net/2019/04/02/index.html

lokibot_1

source: http://malware-traffic-analysis.net/2019/05/23/index.html

Please do not go to this page and download the email/files unless you have a proper forensics setup. They contain active malware. The code I have put here from this email is safe.

lokibot_2

source: http://malware-traffic-analysis.net/2019/03/15/index2.html

Please do not go to this page and download the email/files unless you have a proper forensics setup. They contain active malware. The code I have put here from this email is safe.

lokibot_3

source: http://malware-traffic-analysis.net/2019/01/03/index.html

Please do not go to this page and download the email/files unless you have a proper forensics setup. They contain active malware. The code I have put here from this email is safe.

lokibot_4

source: https://pastebin.com/3t2GicWX

lokibot_5

source: https://www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html

Podesta Email

source: https://wikileaks.org/podesta-emails/

warcraft_1

source: https://blog.malwarebytes.com/cybercrime/2017/03/world-of-warcraft-phish-lures-victims-with-free-pet/

berkeley_1

source: https://security.berkeley.edu/news/phishing-example-message-human-resources

berkeley_2

source: https://security.berkeley.edu/news/phishing-example-your-dropbox-file

berkeley_3

source: https://security.berkeley.edu/news/phishing-example-itunes-access-disabled

Activate Windows
Go to Settings to activate Windows.